<?php

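	// Start (or resume) the session so the login state can be read.
	session_start();
	
	// A visitor who is already identified does not need the login form:
	// send them to the index page and stop here. header() only queues the
	// redirect, so without the exit the rest of this script (database access,
	// login handling, template output) would still run for that request.
	if (isset($_SESSION['user_id'])) {
		header("Location: index.php");
		exit;
	}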
	
	// Integrimi i skedave sistemore
    include('../include/functions.inc.php');
	include('../include/template.class.php');
	
	// Load the project settings; the 'style' and 'lang' entries are read below.
	$PROJECT = setProject();
	
	
	// Page constants: the login template of the active style and the section name.
	// NOTE(review): the style name becomes part of a file path; confirm that
	// setProject() only ever returns the name of a known style directory.
	define('TPL', sprintf('../include/styles/%s/members/login.html', $PROJECT['style']));
	define('CAT', 'members');
	
	
	// Create the template object for this page in the project language.
	$tmp = new Template(TPL, $PROJECT['lang']);

	
	// Menus: category navigation first, then the footer menu.
	$categoryMenu = $tmp->menu('category', '../members');
	$tmp->setContent('CATEGORY', $categoryMenu);
	$footMenu = $tmp->menu('foot');
	$tmp->setContent('FOOTMENU', $footMenu);
	
	
	// Page content: the help text stored under "login".
	$helpText = $tmp->xmlContent('login');
	$tmp->setContent('HELP', $helpText);

	
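	// Decide where the visitor is sent after a successful login and store the
	// result in $_POST['redirect'] (the template and the login code read it there).
	//
	// Order of preference, as before:
	//   1. a "redirect" form field that was posted back,
	//   2. index.php when there is no referer, or when the referer is one of the
	//      message.php pages (visitors must not be sent back to those),
	//   3. the referer itself when the page was called with ?redirect,
	//   4. index.php otherwise.
	$refererUrl = (isset($_SERVER['HTTP_REFERER']) && is_string($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : '';
	
	if (isset($_POST['redirect'])) $redirectTarget = $_POST['redirect'];
	elseif ($refererUrl == '') $redirectTarget = "index.php";
	elseif (strpos($refererUrl, "message") !== false) $redirectTarget = "index.php";
	elseif (isset($_GET['redirect'])) $redirectTarget = $refererUrl;
	else $redirectTarget = "index.php";
	
	// Both the form field and the Referer header are supplied by the client, and
	// the value ends up in a Location header after login. Accept it only when it
	// stays on this site: either a relative reference (no scheme, no leading "//"),
	// or an http(s) URL whose authority part equals the host this request was
	// addressed to. Anything else falls back to index.php.
	$redirectTarget = is_string($redirectTarget) ? trim($redirectTarget) : '';
	$redirectIsLocal = false;
	
	// Control characters and backslashes have no place in a redirect target.
	if ($redirectTarget !== '' && !preg_match('/[\x00-\x1F\x7F\\\\]/', $redirectTarget)) {
		if (preg_match('~^https?://([^/?#]+)~i', $redirectTarget, $redirectMatch)) {
			// The whole authority (including any "user@" part and port) must match.
			$redirectIsLocal = isset($_SERVER['HTTP_HOST'])
				&& strcasecmp($redirectMatch[1], $_SERVER['HTTP_HOST']) == 0;
		}
		elseif (!preg_match('~^(?:[a-z][a-z0-9+.\-]*:|//)~i', $redirectTarget)) {
			$redirectIsLocal = true;
		}
	}
	
	$_POST['redirect'] = $redirectIsLocal ? $redirectTarget : "index.php";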
	

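	// Handle a submitted login form: validate e-mail and password, check the
	// account status, register the session and redirect. On any validation error
	// the codes are left in $ERROR ("null", "syntax" or "value" per field) and the
	// script falls through so the form can be shown again.
	if(isset($_POST['email'])) {
		
		// Start from a clean state so nothing defined before this point can stand
		// in for a validation result or a user record.
		$ERROR = array();
		$USER = NULL;
		
		// Connect to database
		dbOpen('comunity');
		
		// Submitted fields. Non-string values (e.g. array parameters) and missing
		// fields are treated as empty instead of raising notices.
		$email = is_string($_POST['email']) ? trim($_POST['email']) : '';
		$password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';
		$cookie = isset($_POST['cookie']) ? $_POST['cookie'] : NULL;
		
		// Values that go into SQL text are escaped for the open connection; the
		// syntax check below is not relied on as the only protection.
		// Assumes dbOpen() opened the default mysql_* link - TODO confirm.
		$sqlEmail = mysql_real_escape_string($email);
		$sqlPassword = mysql_real_escape_string($password);
		
		// EMAIL NULL
		if(empty($email)) 
			$ERROR['email'] = "null";
		// EMAIL SYNTAX
		// preg_match replaces ereg(): ereg() is not binary-safe and no longer
		// exists in current PHP. The D modifier anchors $ at the very end.
		elseif(!preg_match('/^[-A-Za-z0-9_]+[-A-Za-z0-9_.]*[@]{1}[-A-Za-z0-9_]+[-A-Za-z0-9_.]*[.]{1}[A-Za-z]{2,5}$/D', $email)) 
			$ERROR['email'] = "syntax";
		// EMAIL VALUE
		else {
			
			// Look the visitor up by e-mail address
			$query = mysql_query("SELECT id,name,email,logout,status,style FROM users WHERE email='$sqlEmail'");
			
			// No such visitor (a failed query is reported the same way)
			if ($query === false || mysql_num_rows($query) == 0)
				$ERROR['email'] = "value";
			// The visitor exists
			else
				$USER = mysql_fetch_assoc($query);
		}
		// NOTE(review): a distinct error for an unknown e-mail tells the client
		// which addresses have accounts; consider one generic login error.
		
		
		// PASSWORD NULL
		if(empty($password)) 
			$ERROR['password'] = "null";
		// PASSWORD VALUE
		elseif(empty($ERROR['email'])) {

			// Fetch the stored password for this e-mail / password pair
			// NOTE(review): the column is compared with the submitted value as-is,
			// so passwords are stored unhashed. Migrating to password_hash() /
			// password_verify() needs a schema and registration change outside
			// this file.
			$query = mysql_query("SELECT password FROM users WHERE email='$sqlEmail' AND password='$sqlPassword'");
			$row = ($query !== false) ? mysql_fetch_assoc($query) : false;
			
			// Check the password given by the visitor; no row means no match
			if (!is_array($row) || $row['password'] !== $password) 
				$ERROR['password'] = "value";
		}
		
		
		// Everything below needs a user record and an error-free form. The status
		// test used to run without a user record as well, which sent any attempt
		// with an unknown e-mail and a non-empty password to the "blocked" page.
		if (empty($ERROR) && is_array($USER)) {
			
			// ACCOUNT STATUS
			$status = (int) $USER['status'];
			
			if ($status === 0) {
				
				// Stop the script and go to the message page: account blocked
				header('Location: ../message.php?sid=account&id=blocked'); 
				exit;
			}
			elseif ($status === 1) {
			
				// Stop the script and go to the message page: not yet confirmed
				header('Location: ../message.php?sid=confirm&id=stillnot'); 
				exit;
			}
			
			
			// SESSION REGISTER
			// Issue a fresh session id at the privilege change so an id that was
			// known before login is not carried into the authenticated session.
			session_regenerate_id(true);
			
			// Register the visitor's id, name, e-mail and style
			$_SESSION['user_id'] = $USER['id'];
			$_SESSION['user_name'] = $USER['name'];
			$_SESSION['user_email'] = $USER['email'];
			$_SESSION['user_style'] = $USER['style'];
			
			// Remember the login data for seven days (604800 s)
			// NOTE(review): this writes the clear-text password into a client-side
			// cookie without HttpOnly/Secure. It should be replaced by a random,
			// server-stored remember-me token. Left unchanged because other pages
			// presumably read these cookies - confirm before changing.
			if($cookie) {
				setcookie("email", $email, time()+604800);
				setcookie("password", $password, time()+604800);
			}
			
			$logout = ($USER['logout'] == 0) ? 1  : 2;
			
			// Set login date
			$sqlUserId = mysql_real_escape_string($USER['id']);
			$sqlNow = (int) $_SERVER['REQUEST_TIME'];
			mysql_query("UPDATE users SET login = '".$sqlNow."', logout = '$logout' WHERE id = '".$sqlUserId."'");
			
			// Go to the originating page and stop the script
			// NOTE(review): $_POST['redirect'] originates from the request; confirm
			// it is restricted to targets on this site before it reaches this header.
			header("Location: ".$_POST['redirect']."");
			exit;
		}
	}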
	
	// Hand the submitted values and the validation errors to the template so
	// the form is shown again with its previous input and error markers.
	// $ERROR is only assigned inside the form-handling branch, so it is
	// undefined here when the page is opened without a submission.
	// NOTE(review): $_POST is passed as received (it includes the password and
	// redirect fields); confirm setForm() HTML-escapes every value it writes
	// into the page and does not echo the password back.
	$tmp->setForm($_POST, $ERROR);
	
	// Fill in the language-dependent labels of the page
	$tmp->setLabels();
	
	// Everything has an end: output the finished page
	print $tmp->vorlage;
?>